SAINT CorporationSAINT:01F6AB181B9716E570CF44A9F1F8F548MERCUR imapd NTLMSSP
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.608 Medium
EPSS
Percentile
97.8%
Added: 04/03/2007
CVE: CVE-2007-1578
BID: 23058
OSVDB: 33545
Background
[MERCUR Messaging Server](<http://www.atrium-software.com/index.php?conte
nt=mercur>) is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms.
Problem
A buffer overflow vulnerability in MERCUR Messaging Server allows remote attackers to execute arbitrary commands by sending a specially crafted NTLM Type 3 message to the imapd service.
Resolution
Upgrade to MERCUR Messaging Server 5.0 SP5 or higher when available.
References
<http://secunia.com/advisories/24596>
Limitations
Exploit works on MERCUR Messaging Server 5.0 SP3 and SP4 on Windows 2000.
Platforms
Windows
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.608 Medium
EPSS
Percentile
97.8%